CentOS7: KVM: error: Cannot create user runtime directory '/run/user/0/libvirt': Permission denied
Solution 1:
By default non-root users cannot access libvirtd directly, unless explicitly granted authorization.
I've done this using PolicyKit:
# cat /etc/polkit-1/rules.d/50-org.libvirt.unix.manage.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage" &&
subject.user == "nrpe") {
return polkit.Result.YES;
polkit.log("action=" + action);
polkit.log("subject=" + subject);
}
});
This will let user nrpe
do whatever they want to do with libvirtd without requiring a password.
Second, non-root users need to specify the connection URL explicitly in order to access the system libvirtd.
virsh --connect qemu:///system list --all
Solution 2:
Old topic, but I had the same problem today and I think the answer above is not the simplest solution:
ssh root@node
[root@node ~]# su kevin
[kevin@node root]$ echo $XDG_RUNTIME_DIR
/run/user/0
[kevin@node root]$ virsh capabilities
error: failed to connect to the hypervisor
error: Cannot create user runtime directory '/run/user/0/libvirt': Permission denied
--> doesn't work
ssh kevin@node
[kevin@perf28 ~]$ echo $XDG_RUNTIME_DIR
/run/user/1001
[kevin@perf28 ~]$ virsh capabilities
<capabilities>
...
</capabilities>
--> works!
so the issue is that su
(from the root
account) doesn't set XDG_RUNTIME_DIR
, so either re-login with the user, or manually set XDG_RUNTIME_DIR
.